Lineo's GPL Compliance Tool

Fear, uncertainty, and doubt currently surround the GPL (GNU General Public License) in the eyes of most IT managers. They wonder whether it will infect their software and require them to expose their intellectual property to the world. They worry that trade secrets will be exposed and allow their competition an unfair advantage over them.

Nowhere are these fears more real than in the embedded systems market. With software so tightly integrated into the design of the hardware, most vendors want to reveal as little as possible to the public, in order to maintain their competitive advantage.

This article gives a quick look at the Lineo Embedix GPL Compliance Toolset, which interviews developers to help uncover any conflicts with the GPL. The toolset currently exists only as an add-on to the Embedix software developer kit, and costs around $3,000.

Open-source issues

Open source offers a huge, tested repository of code for free use. The only requirement of most of it is that you contribute to the code by giving back your changes. This is enforced by the GPL (GNU General Public License), which stipulates that the source code to all changes to a GPL-compliant program must be made available to the public. If your proprietary program incorporates "GPL'd" code, then you are required to make the code to your proprietary program available through the rules of the GPL.

This is why many people call the GPL "infectious." If you aren't worried about releasing your code or protecting your intellectual property, you have nothing to worry about. You are free to build upon the work of countless other programmers and developers. Your development time will be extremely quick and you will have scores of developers willing to contribute bug fixes and enhancements.

Protecting yourself

For many people, releasing the code to their brainchild is akin to committing corporate suicide. If software is the only thing that they sell, it will be hard to compete against the freely downloadable version required by the GPL. So how can you protect yourself?

The suits at your head office will tell you the best protection is abstinence; in other words, don't use any open-source code. However, that is a misinformed, reactionary opinion. There are many open-source projects that don't use the GPL and don't require you to release your changes back to the source. Two common examples of such licenses are the MIT and BSD licenses. Apple is currently using BSD-licensed code in Mac OS X without suffering any GPL-related problems.

Microsoft has been targeting the GPL recently too, even going so far as to call it a "cancer." Even Bill Gates himself made a public statement against it. But all this is just FUD (fear, uncertainty, and doubt). It is possible to use GPL-compliant code and not have it affect your intellectual property.

More than just being possible, people are using GPL-compliant code, and in the last place you would expect to see companies adopting it: the embedded market. Not only are they adopting GPL-compliant programs, they are basing their companies on it and appear to be succeeding.

Untangling the GPL

With the high stakes of the embedded market and the FUD being spread from such high authorities as Microsoft, how does a company give OEMs and embedded developers the confidence to combine the benefits of both open-source and proprietary software into the same embedded solution?

Lineo has an answer: the Lineo Embedix GPL Compliance Toolset. It's a set of tools that check your program to see how it complies with the GPL. It can analyze a developer's project and ascertain whether you need to modify a part of your project or not.

The toolset consists of three parts: the Code Review Wizard, the Library Check, and the License Report Wizard.

The Code Review Wizard will analyze the developer's coding habits and reveal any areas of exposure to the GPL that might need attention. It interviews the developer to determine the intent of the project and finds out which areas the company wants to keep secure from the GPL. This part is basically a large decision tree that takes you through all the possible situations that can be affected by the GPL and other licenses.

The tool was designed by Tim Bird, currently the senior vice president of research and development at Lineo.

The Library Check scans all executables and libraries used in your project for associated libraries and generates a report of the findings. This lets you know if you are "guilty by association" from any of the linked libraries your project might have used.

The Image Library Usage report.

Finally, the License Report Wizard generates a report of all licenses used within the project. The Report Wizard compares the data it received to the answers you gave in the Code Review Wizard. From this data, it generates a report of license violations that conflict with your stated desires and recommends how to work around them.

The Source Library Usage report.
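The Library Check and License Report Wizard steps described above can be sketched as a walk over the linked-library graph followed by a comparison against the developer's stated intent. This is an added illustration, not Lineo's code: the component names, the license table, and the set of licenses flagged for review are all constructed assumptions.

```python
from collections import deque

# Constructed sample data: what each binary or library links against.
LINKS = {
    "sensor_daemon": ["libc.so.6", "libcodec.so"],
    "libcodec.so": ["libfastmath.so", "libc.so.6"],
    "ui_app": ["libc.so.6", "libwidgets.so", "libvendor.so"],
}
# Constructed license table; libvendor.so is deliberately missing.
LICENSES = {
    "libc.so.6": "LGPL",
    "libcodec.so": "MIT",
    "libfastmath.so": "GPL",
    "libwidgets.so": "BSD",
}
# Stand-in for the interview answers: components to keep closed.
KEEP_CLOSED = {"sensor_daemon", "ui_app"}
# Assumed policy: licenses that need review when linked into a closed component.
FLAGGED = {"GPL"}


def linked_closure(root, links):
    """Return {library: link chain from root} for every reachable library."""
    chains = {}
    queue = deque([(root, [root])])
    while queue:
        node, chain = queue.popleft()
        for lib in links.get(node, []):
            # Skip libraries already seen so circular links terminate.
            if lib != root and lib not in chains:
                chains[lib] = chain + [lib]
                queue.append((lib, chains[lib]))
    return chains


def license_report(links, licenses, keep_closed, flagged):
    """List (component, library, license, chain) entries that need review."""
    findings = []
    for component in sorted(keep_closed):
        for lib, chain in sorted(linked_closure(component, links).items()):
            lic = licenses.get(lib, "UNKNOWN")
            # A library with no recorded license is reported, not assumed safe.
            if lic in flagged or lic == "UNKNOWN":
                findings.append((component, lib, lic, " -> ".join(chain)))
    return findings


if __name__ == "__main__":
    for finding in license_report(LINKS, LICENSES, KEEP_CLOSED, FLAGGED):
        print(finding)
```

The transitive walk is what surfaces the "guilty by association" case: `sensor_daemon` never links `libfastmath.so` directly, yet the report names it along with the chain that pulled it in.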

Within almost all open-source projects, including GPL-compliant ones, you may include code from subprojects -- and each smaller project may have a different license. The GPL compliance tool maintains information on 42 different open-source licenses and has the option to add more.

If your project is of any size, this becomes a very important tool. You can easily give clear information to managers and corporate legal advisors concerning compliance to all licenses used in your projects.

The GPL tool currently exists only as an add-on to the Embedix SDK and costs about $3,000.

Chris Coleman is the Open Source Editor for the O'Reilly Network and is actively involved with community projects such as OpenPackages.org and Daemon News.